Formidable Forms / Shortcodes Ultimate Exploits In The Wild

On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are used together on a single WordPress installation.

Over the past couple of weeks, we’ve noticed a large influx in the number of malicious requests testing for the presence of the two popular WordPress plugins. Both of these plugins contain separate medium-risk vulnerabilities that, when combined, allow an attacker to remotely execute rogue code on the underlying server.